Previous Topic: Web Agent Configuration OverviewNext Topic: Agent Configuration Object Overview

Policy Server GuidesPolicy Server Configuration GuideAgents and Agent GroupsHow to Configure a Web Agent

How to Configure a Web Agent

Several tasks must be completed to configure an agent. These tasks apply to local and central configuration of an agent.

Note: Set up the Policy Server for agent communication before you install an Agent and register a trusted host.

Follow these steps:

  1. Install a Policy Server.
  2. Create a Host Configuration Object.
  3. Grant the Register Trusted Hosts permission to a Policy Server Administrator. An administrator must have the permission to register trusted hosts.

    Note: If you create an administrator with only the Register Trusted Hosts permission, that administrator cannot use the Administrative UI.

  4. Create an Agent object. This object defines the name of the agent. Do not confuse this object with an Agent Configuration Object.
  5. Create an Agent Configuration Object.

    If you plan to configure an Agent locally, you still need this object to enable the local configuration parameter, AllowLocalConfig.

  6. At the client site, install the agent.
  7. Register the trusted host. Part of this process is to provide the name of the Host Configuration Object that you already created at the Policy Server.
  8. When the Agent-related policy objects are configured, enable the agent. This setting is in the local Agent configuration file.

More information:

Host Configuration Objects for Trusted Hosts

Agent Configuration Object Overview

Enable a Web Agent

Configure Web Agents Centrally

To centrally configure Web Agents, perform the steps outlined in Configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.

If you specify any configuration parameters locally, the parameter values in the local Agent configuration file override the values in the corresponding Agent Configuration Object, merging the input from both configuration sources.

To use a local configuration exclusively, without combining input from an Agent Configuration Object and an Agent configuration file, configure the Agent Configuration Object with only the AllowLocalConfig parameter and set it to yes. This ensures that the Web Agent will only have configuration data from the local configuration file.

To better understand how central and local configuration work together, read Combined Central and Local Configuration.

Create a Host Configuration Object

You can create (or duplicate) a Host Configuration object.

Follow these steps:

  1. Click Infrastructure, Hosts.
  2. Click Host Configuration Objects.
  3. Click Create Host Configuration.
  4. Do one of the following tasks:
  5. Click OK.
  6. Type the name and a description.
  7. In Configuration Values, specify the Host Configuration settings.
  8. Click Submit.
Configure Web Agents Locally

Agents read both the agent configuration object and the local agent configuration file. Values in the local agent configuration file override those values in the Agent Configuration Object. The agent uses all of those settings together. You can modify only a small subset of Agent parameters locally, then rely on the central agent configuration object for the rest the configuration settings.

Follow these steps:

  1. Obtain permission for performing local configuration from a Policy Server administrator.
  2. Configure a Web Agent.
  3. In the Agent Configuration Object, set the AllowLocalConfig parameter to yes.
  4. Edit the Web Agent configuration file (LocalConfig.conf).

    Be sure to modify a copy of the Web Agent configuration file and maintain a backup copy.

    All agents have a sample WebAgent.conf.sample file In the <web_agent_home>\config directory. Modify this file, then save it under the name WebAgent.conf to the appropriate web server location.

Combined Central and Local Configuration

When an agent starts, it searches the agent configuration object for configuration information, and notes the value of the AllowLocalConfig parameter. If this parameter is set to yes, the Web Agent searches the corresponding Agent’s local configuration file for modified or additional parameters, overriding any Agent Configuration Object parameters with the value from its configuration file.

Example of Using Central and Local Configuration

Scenario:

You want to configure multiple cookie domain single sign-on across your network without having to configure each agent individually.

The CookieDomain parameter in the agent configuration object is set to example.com. Set the CookieDomain parameter to example.org for one agent in your network. Use all of the other parameter values set in the agent configuration object.

Solution:

Follow these steps:

  1. Configure an agent configuration object with all the parameters applicable for your environment.
  2. In the agent configuration object, set the AllowLocalConfig parameter to yes.
  3. For the single agent, change only the CookieDomain parameter to example.org. Do not modify any other parameters.

The value for the CookieDomain parameter in the agent configuration file overrides the value in the agent configuration object. The agent configuration object determines the settings for all the other parameters.

Create an Agent Object to Establish a Web Agent Identity

To create a Web Agent identity, create an Agent object in the Administrative UI. The object name must match the values of either the AgentName or DefaultAgentName parameters in the agent configuration file or agent configuration object. The Policy Server maps the agent name to the IP address of the web server hosting the Web Agent. This mapping associates policies with agents. Creating an agent object and identity lets you associate the agent with a realm.

Follow these steps:

  1. Click Infrastructure, Agent.
  2. Click Agents
  3. Click Create Agent.
  4. Click OK.
  5. Type the name and description of the Agent.

    Note: Web Agent names have the following limits:

  6. Select SiteMinder as the Agent Style and Web Agent as the Agent Type.
  7. Click Submit.
Configure an Agent Object for a 4.x Web Agent Identity

To create a 4.x Web Agent identity, create an Agent object in the Administrative UI. The object name must match the Agent name in the local Web Agent configuration file. Creating a Web Agent object and identity lets you associate the Web Agent with a realm.

Follow these steps:

  1. Click Infrastructure, Agent.
  2. Click Agents.
  3. Click Create Agent.

    Verify that the Create a new object of type Agent option is selected.

  4. Click OK.
  5. Type the name and description of the Agent.

    Note: Web Agent names have the following limits:

  6. Confirm the following settings:
  7. Select the Supports 4.x agents option.

    The Trust Settings page appears.

  8. Enter the IP Address of the server on which the Agent resides.

    Note: Like a single server, virtual servers have defined names and IP addresses. Each Agent on a virtual server must have a unique Agent name.

  9. Type and confirm a shared secret.

    Limits:

    Note: Any virtual servers on the same web server must use the same secret. When a 4.x Agent attempts to connect to the Policy Server, the Agent and Policy Server use the shared secret for mutual authentication.

  10. Click Submit.

    The 4.x Web Agent object is created.

More information:

Realms

Copy Policy Server Objects

Set the Configuration Parameters in the Agent Configuration Object

The following procedure contains the two general sub-procedures required to set the configuration parameters of an agent configuration object.

To define the Web Agent’s configuration

  1. Create an Agent Configuration Object.
  2. Modify the configuration parameters in this object.

Note: When configuring centrally or locally configuring a Web Agent, refer to the Web Agent Configuration Guide for parameter descriptions, the default values, and instructions on setting the parameters.

More information:

Agent Configuration Object Overview